USN-2810-1 Kerberos vulnerability

It was discovered that Kerberos incorrectly handled null bytes in certain data fields. A remote attacker could possibly use this issue to cause a denial of service.

It was discovered that the Kerberos kdcpreauth modules incorrectly tracked certain client requests. A remote attacker could possibly use this issue to bypass intended preauthentication requirements.

It was discovered that Kerberos incorrectly handled certain SPNEGO packets. A remote attacker could possibly use this issue to cause a denial of service.

It was discovered that Kerberos incorrectly handled certain IAKERB packets. A remote attacker could possibly use this issue to cause a denial of service.

It was discovered that Kerberos incorrectly handled certain TGS requests. A remote attacker could possibly use this issue to cause a denial of service.

The Cloud Foundry project released a BOSH stemcell version 3137 that has the patched version of the Linux kernel. A new Cloud Foundry rootfs was also released, cflinuxfs2 v.1.18.0, that has the patches.

Pivotal is releasing an updated version of Pivotal Cloud Foundry Suite which references this patched BOSH stemcell and CF rootfs.

Affected Pivotal Products and Versions

Severity is
medium
unless otherwise noted.

All versions of Cloud Foundry BOSH stemcells prior to 3137 are vulnerable.